}
/* Check for a new value. */
- if ( !sqgetGlobalVar("new_$name", $this->new_value, SQ_POST ) ) {
+ if ( !sqgetGlobalVar("new_$name", $this->new_value, SQ_POST ) ) {
$this->new_value = '';
}
$width = 25;
}
- $result = "<input name=\"new_$this->name\" value=\"$this->value\" size=\"$width\" $this->script>";
+ $result = "<input name=\"new_$this->name\" value=\"" .
+ htmlspecialchars($this->value) .
+ "\" size=\"$width\" $this->script />\n";
return ($result);
}
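Review bot: The new `htmlspecialchars($this->value)` call relies on PHP's default flags and charset, and those defaults have changed between PHP versions, so the escaping this widget gets depends on the runtime. When the stored value is not valid in the charset htmlspecialchars() assumes, PHP 5.4 and later return an empty string unless ENT_SUBSTITUTE or ENT_IGNORE is set; the field would then render blank, and submitting the form would presumably save the empty value. I would pass the flags and the page's charset explicitly, e.g. `htmlspecialchars($this->value, ENT_QUOTES, <page charset>)`, ideally through one small wrapper. The same applies to the other htmlspecialchars() calls this commit adds in the select, textarea and hidden-input builders. The function begins above this hunk.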
function createWidget_StrList() {
/* Begin the select tag. */
- $result = "<select name=\"new_$this->name\" $this->script>";
+ $result = "<select name=\"new_$this->name\" $this->script>\n";
/* Add each possible value to the select list. */
foreach ($this->possible_values as $real_value => $disp_value) {
/* Start the next new option string. */
- $new_option = "<option value=\"$real_value\"";
+ $new_option = '<option value="' .
+ htmlspecialchars($real_value) . '"';
/* If this value is the current value, select it. */
if ($real_value == $this->value) {
- $new_option .= ' selected=""';
+ $new_option .= ' selected="selected"';
}
/* Add the display value to our option string. */
- $new_option .= ">$disp_value</option>";
+ $new_option .= '>' . htmlspecialchars($disp_value) . "</option>\n";
/* And add the new option string to our select tag. */
$result .= $new_option;
}
/* Close the select tag and return our happy result. */
- $result .= '</select>';
+ $result .= "</select>\n";
return ($result);
}
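Review bot: The `$real_value == $this->value` test that decides where `selected="selected"` goes is a loose comparison, and PHP converts numeric array keys to integers, so type juggling can mark an option that is not the stored value, or more than one option. If option values are always scalars (not visible from this hunk), comparing as strings is safer: `if ((string) $real_value === (string) $this->value) {`. The folder-list builder that follows uses the same comparison.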
$selected = array(strtolower($this->value));
/* Begin the select tag. */
- $result = "<select name=\"new_$this->name\" $this->script>";
+ $result = "<select name=\"new_$this->name\" $this->script>\n";
/* Add each possible value to the select list. */
foreach ($this->possible_values as $real_value => $disp_value) {
$new_option = sqimap_mailbox_option_list(0, $selected, 0, $disp_value);
} else {
/* Start the next new option string. */
- $new_option = "<option value=\"$real_value\"";
+ $new_option = '<option value="' . htmlspecialchars($real_value) . '"';
/* If this value is the current value, select it. */
if ($real_value == $this->value) {
- $new_option .= ' selected';
+ $new_option .= ' selected="selected"';
}
/* Add the display value to our option string. */
- $new_option .= ">$disp_value</option>";
+ $new_option .= '>' . htmlspecialchars($disp_value) . "</option>\n";
}
/* And add the new option string to our select tag. */
$result .= $new_option;
}
/* Close the select tag and return our happy result. */
- $result .= '</select>';
+ $result .= "</select>\n";
return ($result);
}
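Review bot: Only the `else` branch is escaped here; the string returned by `sqimap_mailbox_option_list(0, $selected, 0, $disp_value)` is still appended to `$result` as-is. Mailbox names are typically chosen by the user, so that helper has to HTML-escape both the option values and the labels it emits. Its body is not part of this diff, so this should be confirmed, or covered by a test with a folder name containing `<`, `"` and `&`. Once verified, a short comment above the call such as `/* sqimap_mailbox_option_list() returns ready-escaped <option> markup */` would record the assumption. The branch condition and the start of the function are outside the visible lines.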
default: $rows = 5; $cols = 50;
}
$result = "<textarea name=\"new_$this->name\" rows=\"$rows\" "
- . "cols=\"$cols\" $this->script>$this->value</textarea>";
+ . "cols=\"$cols\" $this->script>"
+ . htmlspecialchars($this->value) . "</textarea>\n";
return ($result);
}
// add onChange javascript handler to a regular string widget
// which will strip out all non-numeric chars
if ($javascript_on)
- return preg_replace('/>/', ' onChange="origVal=this.value; newVal=\'\'; '
+ return preg_replace('/\/>/', ' onChange="origVal=this.value; newVal=\'\'; '
. 'for (i=0;i<origVal.length;i++) { if (origVal.charAt(i)>=\'0\' '
. '&& origVal.charAt(i)<=\'9\') newVal += origVal.charAt(i); } '
- . 'this.value=newVal;">', $this->createWidget_String());
+ . 'this.value=newVal;" />', $this->createWidget_String());
else
return $this->createWidget_String();
}
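Review bot: The new pattern `'/\/>/'` is unanchored and only works because createWidget_String() now ends its tag with ` />`; `$this->script` is written raw just before that terminator, so a `/>` inside it would receive a second copy of the handler. Anchoring the match to the end of the tag keeps the two functions from drifting apart: `preg_replace('/\/>\s*$/', ...)`. The float widget that follows has the same pattern. Separately, the onChange filter only runs when `$javascript_on` is set, so the posted `new_` value still needs a server-side numeric check; that code is not visible here. The function header is outside this hunk.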
// add onChange javascript handler to a regular string widget
// which will strip out all non-numeric (period also OK) chars
if ($javascript_on)
- return preg_replace('/>/', ' onChange="origVal=this.value; newVal=\'\'; '
+ return preg_replace('/\/>/', ' onChange="origVal=this.value; newVal=\'\'; '
. 'for (i=0;i<origVal.length;i++) { if ((origVal.charAt(i)>=\'0\' '
. '&& origVal.charAt(i)<=\'9\') || origVal.charAt(i)==\'.\') '
- . 'newVal += origVal.charAt(i); } this.value=newVal;">'
+ . 'newVal += origVal.charAt(i); } this.value=newVal;" />'
, $this->createWidget_String());
else
return $this->createWidget_String();
/* Build the yes choice. */
$yes_option = '<input type="radio" id="new_' . $this->name . '_yes" '
. 'name="new_' . $this->name . '" value="' . SMPREF_YES . '"'
- . $yes_chk . ' ' . $this->script . '> '
+ . $yes_chk . ' ' . $this->script . ' /> '
. '<label for="new_'.$this->name.'_yes">' . _("Yes") . '</label>';
/* Build the no choice. */
$no_option = '<input type="radio" id="new_' . $this->name . '_no" '
. 'name="new_' . $this->name . '" value="' . SMPREF_NO . '"'
- . $no_chk . ' ' . $this->script . '> '
+ . $no_chk . ' ' . $this->script . ' /> '
. '<label for="new_'.$this->name.'_no">' . _("No") . '</label>';
/* Build and return the combined "boolean widget". */
function createWidget_Hidden() {
$result = '<input type="hidden" name="new_' . $this->name
- . '" value="' . $this->value . '" ' . $this->script . '>';
+ . '" value="' . htmlspecialchars($this->value)
+ . '" ' . $this->script . ' />';
return ($result);
}
function create_hidden_element($name, $value) {
$result = '<input type="hidden" '
. 'name="' . $name . '" '
- . 'value="' . $value . '">';
+ . 'value="' . htmlspecialchars($value) . '" />';
return ($result);
}
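Review bot: `$name` is still concatenated into the `name` attribute unescaped while `$value` on the next line is now escaped, so a name containing a double quote would break out of the attribute. Escaping both keeps the helper safe regardless of caller: `. 'name="' . htmlspecialchars($name) . '" '`. `$this->name` in the widget builders earlier in this diff is in the same position. Option names look code-defined, so this is hardening rather than a known hole, but if it is left as-is a comment should state that names must never come from request data.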
) . "\n";
}
+// vim: et ts=4
?>